Deel

DevSecOps Engineer

Deel

full-time

Posted on:

Location Type: Remote

Location: Brazil

Visit company website

Explore more

AI Apply
Apply

Tech Stack

CloudDockerJavaScriptKubernetesPythonTypeScript

About the role

  • Develop and maintain automated security tools and processes to identify vulnerabilities, perform code analysis, monitor systems and conduct security testing. This includes integrating security scanners, static code analysis tools, and vulnerability assessment tools into the CI/CD pipeline.
  • Work with infrastructure and operations teams to design and implement secure cloud infrastructure, network architecture, and deployment processes. This involves ensuring proper access controls, encryption, and monitoring are in place.
  • Implement security monitoring tools and processes to proactively identify and respond to security events and anomalies. This includes log analysis, intrusion detection, and system monitoring.
  • Foster collaboration and communication between development, operations, and security teams. Act as a liaison to ensure that security requirements are understood and integrated into the development process.
  • Assist in compliance assessments and audits to ensure adherence to regulatory requirements and industry standards. Collaborate with auditors and provide necessary documentation and evidence of security controls.

Requirements

  • 3+ years in Security, SecOps, or DevSecOps roles
  • Hands-on experience creating, identifying and fixing infrastructure misconfigurations using policy-as-code and IaC security scanning tools such as **Checkov, tfsec, or Terrascan**.
  • Basic programming skills in JavaScript, TypeScript, Python; experience with version control (e.g., Git) and CI/CD pipelines.
  • Manage and tune WAF and firewall configurations (e.g., Cloudflare or equivalent) to protect
  • Familiarity with security principles, standards, and best practices, including common vulnerabilities (e.g., OWASP Top 10), secure coding, encryption, authentication, access control, and security testing.
  • Proficiency in methodologies and tools, including understanding CI/CD pipelines, infrastructure automation (e.g., Docker, Kubernetes), configuration management, and monitoring/observability.
  • Ability to assess risks and apply security controls, encompassing an understanding of threat modeling, risk assessment techniques, vulnerability management, and incident response planning.
  • Effective collaboration with cross-functional teams (developers, security, operations), promoting security practices, and integrating security seamlessly into the development process.
  • Proficiency in automation tools; knowledge of security scanners (e.g., SAST, DAST), vulnerability management systems, log analysis tools, and security-focused frameworks for automating security processes.
  • While not mandatory, possessing relevant security certifications is considered advantageous, enhancing credibility and demonstrating commitment to security practices.
Benefits
  • Stock grant opportunities dependent on your role, employment status and location
  • Additional perks and benefits based on your employment status and country
  • The flexibility of remote work, including optional WeWork access
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
security toolscode analysisvulnerability assessmentpolicy-as-codeIaC security scanningJavaScriptTypeScriptPythonWAF managementinfrastructure automation
Soft Skills
collaborationcommunicationrisk assessmentincident response planningcross-functional teamworksecurity integration